The $100 million Binance heist highlights once again crypto bridges’ vulnerabilities

The rise of crypto is going hand in hand with the rise of heists.

The latest hack to rock the industry wiped out an estimated $100 million from the Binance Smart Chain (BSC), forcing the platform to halt operations.

“The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly,” Binance CEO Changpeng Zhao tweeted late on Oct. 6.

If it wasn’t stopped, the damage had the potential to surpass half a billion dollars. The hacker managed to move 2 billion BNB, worth around $566 million, to their wallet, but couldn’t get it all out by the time Binance suspended all deposits and withdrawals on its platform.

Eight hours after pausing operations, Binance said BSC was “running ok” again. Zhao added that the impact was “a quarter of the last BNB burn,” referring to a July decision to take out of circulation 1.9 million BNB, worth $405 million, to keep the supply at 100 million BNB.

Quotable

There was a bug in the way that the Binance Bridge verified proofs which could have allowed attackers to forge arbitrary messages. Fortunately, the attacker here only forged two messages, but the damage could have been far worse. —Sam Sun, researcher and head of security at crypto and Web3 investment firm Paradigm, who was one of several developers working to stem the Oct. 6 Binance hack

A brief history of crypto hacks in 2022

January: Qubit Finance, based on BSC, was hacked for $80 million

February: Wormhole, one of the most popular bridges linking the ethereum and solana blockchains, lost about $320 million to a hack

March: North Korean hackers group, Lazarus, siphoned $625 million in USD coin and ether from gaming-focused Ronin Network—the biggest ever heist so far

April: Ethereum-based Beanstalk found $182 million had gone missing

June: Hackers strike Harmony’s Horizon Bridge, stealing $100 million

August: Cryptocurrency bridge provider Nomad gets robbed off $190 million 

With this latest Binance hack, cyber criminals have cost crypto platforms more than $1.7 billion so far this year.

Crypto 🤝 cybercrime

According to Josephine Wolff, an associate professor of cybersecurity policy at Tufts University, there are two main reasons why cybercriminals are increasingly targeting crypto:

🤑 There’s lots of money like banks…

📜 But unlike banks, there’s a lack of regulation and oversight

Blockchain bridges, which connect networks to enable the fast swaps of different tokens, are especially vulnerable victims. “These bridges have been breached by hackers in a variety of ways, suggesting that their level of security has not kept pace with the value of assets that they hold,” Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, told CNBC.

By the digits

$286: 1 BNB’s value in dollars after falling more than 3% on the news of the hack

$1.4 billion: money lost to breaches on cross-chain bridges between January and August this year

69%: share of crypto-related hacks bridge heists account for so far in 2022.

2: number of offices Binance just opened in Brazil, a country with 34.5 million crypto users

Related stories

⚡ To fix its broken power market, Europe has to break it more

💡 Rich countries need to start switching off the lights at night

❄️️ How will Europe cope with its energy crisis this winter?